Analysis
-
max time kernel
239s -
max time network
303s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
12-02-2023 01:00
Behavioral task
behavioral1
Sample
bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe
Resource
win10v2004-20221111-en
General
-
Target
bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe
-
Size
11KB
-
MD5
14fec5297bef8c5fa6d3f0f5934dea32
-
SHA1
5549beb12b3635e878b174ae93d47a147e2f6d98
-
SHA256
bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7
-
SHA512
a7889770f7bed2ed2aff36c67cda577cd0ebc064c93532d425d0207bb60f55ee474d6e433402b86704d3f80e442209df53f0bd885d5fcd72b5b229ff5697fda6
-
SSDEEP
192:cliHh1RDurJEC+88OSM4+pmqQcNM2YDM:cG1d2JEC+lKFI
Malware Config
Extracted
purecrypter
https://vinosbiodinamicos.com/Wnsixjk.bmp
Signatures
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Program crash 1 IoCs
pid pid_target Process procid_target 4264 4732 WerFault.exe 78 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4732 bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe"C:\Users\Admin\AppData\Local\Temp\bc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4732 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 19682⤵
- Program crash
PID:4264
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4732 -ip 47321⤵PID:3652
Network
-
Remote address:8.8.8.8:53Requestvinosbiodinamicos.comIN AResponsevinosbiodinamicos.comIN A92.52.217.24
-
Remote address:8.8.8.8:53Request151.122.125.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
40 B 1
-
40 B 1
-
260 B 5
-
322 B 7
-
322 B 7
-
322 B 7
-
322 B 7
-
322 B 7
-
322 B 7
-
322 B 7
-
260 B 5
-
260 B 5
-
260 B 5
-
92.52.217.24:443vinosbiodinamicos.comtlsbc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe735 B 5.6kB 8 9
-
92.52.217.24:443vinosbiodinamicos.comtlsbc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe932 B 5.9kB 10 11
-
8.8.8.8:53vinosbiodinamicos.comdnsbc080be46ac6e8aaff225091e2afdb6074fed20e30d30e1ad018f58a1e1901b7.exe67 B 83 B 1 1
DNS Request
vinosbiodinamicos.com
DNS Response
92.52.217.24
-
73 B 159 B 1 1
DNS Request
151.122.125.40.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa